Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Flexense Syncbreeze

Exploit-CVE-2017-14980 PoC exploit para CVE-2017-14980 —...

MiracleLinux 8 : kernel-4.18.0-553.16.1.el8_10 (AXSA:2024-8704:25)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8704:25 advisory. kernel: powerpc: Fix access beyond end of drmem array CVE-2023-52451 kernel: efivarfs: force RO when remounting if SetVariable is not supported...

MiracleLinux 7 : 389-ds-base-1.3.10.2-17.el7 (AXSA:2022-3917:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3917:03 advisory. 389-ds-base: SIGSEGV in syncrepl CVE-2022-2850 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note...

MiracleLinux 8 : 389-ds:1.4 (AXSA:2022-3938:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3938:01 advisory. 389-ds-base: SIGSEGV in syncrepl CVE-2022-2850 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note...

CVE-2026-23844 Whisper Money has IDOR Vulnerability on sync/balances endpoint

Whisper Money is a personal finance application. Versions prior to 0.1.5 have an insecure direct object reference vulnerability. A user can update/create account balances in other users' bank accounts. Version 0.1.5 fixes the issue...

CVE-2026-23844 Whisper Money has IDOR Vulnerability on sync/balances endpoint

Whisper Money is a personal finance application. Versions prior to 0.1.5 have an insecure direct object reference vulnerability. A user can update/create account balances in other users' bank accounts. Version 0.1.5 fixes the issue...

nvidia-live-translation-poc

NVIDIA Live Translation with Lip-Sync POC Real-time voice tra...

kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free

A use-after-free vulnerability was found in the Linux kernel Intel i915 graphics driver's GuC virtual engine request handling. A local user with access to GPU rendering can create requests on GuC virtual engines and trap references via syncfile or dmabuf, causing fence release operations to acces...

kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free

A use-after-free vulnerability was found in the Linux kernel Intel i915 graphics driver's GuC virtual engine request handling. A local user with access to GPU rendering can create requests on GuC virtual engines and trap references via syncfile or dmabuf, causing fence release operations to acces...

MiracleLinux 7 : ntp-4.2.6p5-25.1.0.1.el7.AXS7 (AXSA:2017-1296:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1296:01 advisory. The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which...

CVE-2021-47807

Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious...

CVE-2021-47807

Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious...

Flexense Sync Breeze security vulnerability

Flexense Sync Breeze is a file synchronization tool developed by Flexense Corporation. The version 13.6.18 of Flexense Sync Breeze contains a security vulnerability. This vulnerability stems from the Windows service configuration, where a service path without quotes was used, potentially allowing...

PT-2026-3218

The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration function. This makes it possible for authenticated attackers, wi...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-004800)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004800 advisory. In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref of mreplace in raid10syncrequest There are two check of 'mreplace' ...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003883)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003883 advisory. In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004329)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004329 advisory. In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with...

CVE-2021-47807 Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path

Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious...

CVE-2021-47807

CVE-2021-47807 affects Sync Breeze 13.6.18, where an unquoted Windows service path in the program files directory allows a local attacker to inject a malicious executable and escalate privileges. The vulnerability stems from the unquoted service path in the service configuration, enabling local e...

CVE-2021-47807 Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path

Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious...